Cyber Threat Intelligence Researcher

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

The Cyber Threat Analysis Branch (CTAB) is looking for a Cyber Threat Intelligence Researcher to support in the provision of technical cyber threat intelligence to the NATO Enterprise and Alliance through researching threat actors’ tactics, techniques and procedures.

NATO Joint Intelligence and Security Division

The Joint Intelligence and Security Division (JISD), under the leadership of the Assistant Secretary General for Intelligence and Security (ASG I&S), comprises two principal pillars: Intelligence – headed by the Deputy ASG for Intelligence; and the NATO Office of Security (NOS) – headed by the Deputy ASG for Security. Intelligence is responsible for ensuring the situational awareness of the North Atlantic Council and the Military Committee, for the analysis of the indications and warnings in support of the NATO Crisis Response System and for the development of intelligence policies and capabilities for NATO. Its functional areas address: intelligence analysis and production, intelligence policy and capability development.

The joint civilian and military Intelligence Production Unit (IPU), under the JISD, delivers strategic intelligence-based analysis to support North Atlantic Council (NAC) and Military Committee (MC) decision making on strategic issues of concern. The IPU produces a range of planned and tasked intelligence products on regional issues in Eurasia, Africa and the Middle East, and on transnational issues such as hybrid warfare, terrorism, instability, weapons of mass destruction and energy security.

The Cyber Threat Analysis Branch (CTAB), under the IPU, is responsible for providing evidence-based assessments of the cyber threat landscape to empower NATO stakeholders to make risk-informed decisions. The multidisciplinary team combines all-source data with cutting edge technologies to support and enhance the Alliance leaderships’ understanding on the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyber space and generates tailored insights to support network defence and mission assurance with predictive analysis, cyber threat intelligence, and threat hunting.

NATO POC for supervision and coordination purposes Vincent Ruers, Threat Research Team Lead

Role Duties and Responsibilities

• Use the CTAB Cyber Threat Intelligence Platform and other sources to conduct research into prioritized cyber threat actors to discover new infrastructure and capabilities under the direction of the team lead.
• Conduct pattern analysis on threat actor infrastructure to detect new malicious infrastructure, and script and automate that detection to allow for threat intelligence at scale.
• Find and analyse potential new cyber threats to NATO based on existing or novel techniques and scripts, and correlate with all available sources to establish an adequate threat picture.
• Translate threat actor tactics, techniques and procedures into actionable intelligence for 1) network defenders through creating detection signatures, contextualizing IoC’s, and writing standardized CTI products, and 2) strategic cyber analysts for use in intelligence production to decision makers.
• Support other threat researchers in their activities, and advise and assist strategic cyber threat analysts in understanding complex technical topics.

Essential Skills and Experience

• At least 2 years of experience with producing or working with cyber threat intelligence.
• Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs) to produce actionable threat intelligence to enable network and host defences in organizations with demonstrable impact.
• Experience with and knowledge of the intelligence lifecycle, analytical tradecraft and frameworks such as MITRE ATT&CK.
• Good communication skills, both orally and written. Able to translate complex technical topics into information conveyable to non-domain experts. Can easily cooperate with other threat researchers by taking and giving feedback.
• Knowledge of network and system fundamentals and experience in any of the following cybersecurity fields: network monitoring, threat hunting, incident response, red teaming, host/network forensics, or reverse engineering.
• Experience with programming in scripting languages such as Python
• Possession of industry recognized cybersecurity certificates such as SANS GIAC or Offensive Security.

Education

• Cybersecurity oriented university degree (information technology, computer science, etc.) or equivalent completed advanced vocational training;

Language Proficiency

• Business English

Working Location

• Brussels, Belgium

Working Policy

• Hybrid (2 days onsite, 3 days remote)

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance